Products
NETGEAR Orbi 760
NETGEAR Orbi 760 router
Source
zdi-disclosures@trendmicro.com
CVE-2023-41183 details
Last Modified : May 3, 2024, 12:49 p.m.
Description
NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SOAP API. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20524.
CVSS Score
8.8
CVSS Data
Metric | Value |
---|---|
Attack Vector | ADJACENT_NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Base Score | 8.8 |
Exploitability Score | |
Impact Score | |
Base Severity | HIGH |
Vector String : CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
URL | Source |
---|---|
https://kb.netgear.com/000065734/Security-Advisory-for-Authentication-Bypass-on-the-RBR760-PSV-2023-0052 | zdi-disclosures@trendmicro.com |
https://www.zerodayinitiative.com/advisories/ZDI-23-1283/ | zdi-disclosures@trendmicro.com |